Due to the proliferation of wireless devices in use today, there is a continually increasing number of wireless networks. These wireless devices include mobile telephones, wireless personal digital assistants (PDAs), and other wireless multifunctional gadgets. Concurrently with the increase of available wireless devices, software applications running on such devices have increased their utility and complexity. For example, a wireless device may include an application that retrieves a weather report for a list of desired cities or an application that allows a user to bank online. These software applications take advantage of the ability to transmit data of the wireless network in order to provide timely and useful services to users, often in addition to voice communication.
A wireless device generally includes a runtime environment in which an application resides. A process is generally an instance of the application when executed in the runtime environment. The runtime environment generally includes one or more resources. A resource is generally a physical or a virtual component that can be accessed by a process. A resource may be accessed by more than one processes and thus is shared by these processes. However, not every process in the runtime environment should have the privilege to access every resource in the runtime environment. For security reasons, access to shared resources in runtime environment should be controlled.
Access control rules are generally defined within the runtime environment for the resources, by a user who has direct access to the runtime environment. For example, a user of a computer usually decides the access control rules on his computer. Therefore, access control rules for a runtime environment generally can only be defined by the user who has access to the runtime environment.
This approach has some significant limitations. The user of a runtime environment usually does not have enough information to properly specify access control rules for resources. The problem is compounded for shared resources, where a plurality of processes executing their respective applications. The user may not even be aware which processes should be given the privilege to access the resources in the respective access control rules.
In certain situations it may be desirable to specify the access control rules by an entity other than the user of the runtime environment. The need arises more prominently for runtime environments on the wireless devices. For example, a bank may create a library for a wireless device. The bank expects to have an exclusive right to control access to this library at runtime on all wireless devices suitable to run the library.
Therefore there is a need for a method and a system for shared resource access control that is suitable for runtime environments in distributed and/or wireless systems.